Automation
Automation

Scripting How-To: Determine the correct event ID when creating an event policy that triggers on the syslog message

by Cordelia on ‎08-10-2015 02:31 PM - edited on ‎09-11-2017 04:10 PM by Administrator Administrator (1,069 Views)

Syslog messages that do not have an assigned event are logged using one of six generic event IDs:

 

  • SYSTEM
  • KERNEL
  • PFE
  • PIC
  • LCC
  • SCC

This event ID must be known if you wish to create an event policy that triggers on the syslog message; however,  the pseudo-event ID is unfortunately not recorded in the syslog, so it can be difficult to determine what the correct ID is.

 

To help with this problem, see the event script (capture-pseudo-events.slax) described on this page: Identifying the Correct Pseudo-Event ID